24

Cloud WAF Rule Creator


Laszlo Takacs - BitNinja CCO

We are eager to release new WAF rules for our customers, but it's hard to write rules which work for more than 10 million webpages. And we are curious: if we provided you with a WAF rule editor UI, would you deploy specific hand-crafted rules for your system?
In the past years we have seen some servers which had ModSecurity rules installed before us, but we would love to know if you are interested in writing more refined rules for your specific situation.
Let us know, so we can create the best solution for you!


Gareth Phillips

A WAF rule editor is desperately needed for Bitninja! We have been subjected for several weeks now by a simple bruteforce attacker targeting our OpenCart /admin/, and we can easily repel 100% of this bruteforce attacker with a simple PHP rule like this in the admin/index.php:

    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        if (empty($_GET)) {
            header('HTTP/1.0 403 Forbidden');
            exit;
        }
    }

The only issue is that the attacker's POST requests still show in the server's access log. This rule needs to be implemented on a WAF level; we don't want to see junk in our server access log!
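
A way to dry-run the condition from the comment above against an existing access log before moving it to a WAF, as an added example that is not part of the original thread: it counts the requests the rule would reject per client IP and lists the admin POSTs it would let through, so a rule that would lock out genuine users shows up before it is deployed. The log lines, IP addresses, the `/admin/` prefix and the `route=` value are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Common/combined log format: ip ident user [time] "METHOD target PROTO" ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')

def rule_matches(method, target, prefix="/admin/"):
    """Approximates the PHP check: a POST under `prefix` with no query parameters."""
    parts = urlsplit(target)
    # keep_blank_values so "?foo" counts as a parameter, as it does in PHP's $_GET
    has_params = bool(parse_qsl(parts.query, keep_blank_values=True))
    return method == "POST" and parts.path.startswith(prefix) and not has_params

def dry_run(lines, prefix="/admin/"):
    """Return (blocked-per-IP counter, list of admin POSTs the rule lets through)."""
    blocked, passed = Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        if rule_matches(m["method"], m["target"], prefix):
            blocked[m["ip"]] += 1
        elif m["method"] == "POST" and urlsplit(m["target"]).path.startswith(prefix):
            passed.append((m["ip"], m["target"]))
    return blocked, passed

# Constructed sample log lines (documentation IP ranges, invented timestamps)
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "POST /admin/ HTTP/1.1" 403 0',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "POST /admin/index.php HTTP/1.1" 403 0',
    '198.51.100.20 - - [01/Jan/2024:10:00:05 +0000] "POST /admin/index.php?route=common/login HTTP/1.1" 302 0',
    '198.51.100.20 - - [01/Jan/2024:10:00:06 +0000] "GET /admin/ HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "POST /admin/index.php? HTTP/1.1" 403 0',
    '198.51.100.30 - - [01/Jan/2024:10:00:09 +0000] "POST /index.php?route=checkout/cart/add HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    blocked, passed = dry_run(SAMPLE_LOG)
    for ip, count in blocked.most_common():
        print(f"would block {count} request(s) from {ip}")
    for ip, target in passed:
        print(f"would allow POST {target} from {ip}")
```

Any genuine admin POST that turns up in the blocked counter is a request the rule would break once it runs in front of the server.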



Mark Bacsko

Thank you for your input Gareth! Feedback like this helps us evaluate the need for such features quicker, and with more certainty.



Gareth Phillips

Thanks for taking it into consideration.

At the moment, Bitninja is pretty useless for this kind of simple bruteforce attack we are experiencing. We have hundreds of thousands of grey-listed IP addresses, and your captcha-based rules are too easily overcome, or worse, lock out genuine users. Hence the need for a simple custom rules editor!



Dhon Xean Bobis

As a developer, I think it would be a really great feature. But if it would be deployed on a server level, I think it would be hard to use in my standing. If you can make it on a domain level, it would be perfect, but that's just my suggestion. Thank you for thinking on more ways to make our life easier!



Mark Bacsko

Status changed to: Planned